Tanya Forsheit kindly breaks down the recent changes in California insurance regulations that had me confused as to what, if anything, they mean for consumer privacy. As background, she writes, in part:
The California changes actually have greater significance than may be apparent on a quick glance. Although rarely noted in the media coverage, State insurance privacy regulations across the country (not just in California) find their roots in the federal Gramm Leach Bliley Act (GLBA), so California’s decision to make such changes provides a helpful illustration of the extraordinarily complex and confusing web of privacy regulation that governs even small organizations in this country. Also, California’s move with respect to these changes contravenes the conventional wisdom that California is a renegade pro-consumer state when it comes to privacy regulation. While California was the first “mavericky” state to pass data breach legislation (SB 1386) back in the early part of the last decade, many states long ago blew past California in passing and enforcing strict privacy and security regulations (e.g., Massachusetts and Connecticut). While other states have been taking steps over the last few years to galvanize privacy and security regulations, California has moved in the opposite direction – Governor Schwarzenegger has, on numerous occasions, vetoed legislation that would have enhanced California’s breach notification law (to require, for example, notice to California regulators)and now the California DOI has repealed what some might consider to be standard notice and opt-out requirements for insurance agents and brokers.
Read more on InformationLawGroup. Thanks to Tanya for her efforts to address the questions I (and apparently others) had posed to her.